Intelligence-Driven Incident Response: Outwitting the Adversary

Product Description

Using a well-conceived incident response plan in the aftermath of an online security breach enables your team to identify attackers and learn how they operate. But, only when you approach incident response with a cyber threat intelligence mindset will you truly understand the value of that information. With this practical guide, you’ll learn the fundamentals of intelligence analysis, as well as the best ways to incorporate these techniques into your incident response process.

Each method reinforces the other: threat intelligence supports and augments incident response, while incident response generates useful threat intelligence. This book helps incident managers, malware analysts, reverse engineers, digital forensics specialists, and intelligence analysts understand, implement, and benefit from this relationship.

In three parts, this in-depth book includes:

  • The fundamentals: get an introduction to cyber threat intelligence, the intelligence process, the incident-response process, and how they all work together
  • Practical application: walk through the intelligence-driven incident response (IDIR) process using the F3EAD process—Find, Fix, Finish, Exploit, Analyze, and Disseminate
  • The way forward: explore big-picture aspects of IDIR that go beyond individual incident-response investigations, including intelligence team building

About the Author

Scott J Roberts works for GitHub and makes up his title every time he’s asked, so we’ll say he’s the Director of Bad Guy Catching. He has worked for 900lbs security gorillas, government security giants & boutiques, and financial services security firms and done his best to track down bad guys at all these places. He’s released and contributed to multiple tools for threat intelligence and malware analysis. Scott is also really good at speaking in the 3rd person.

Rebekah Brown has spent more than a decade working in the intelligence community; her previous roles include NSA network warfare analyst, Operations Chief of a United States Marine Corps cyber unit, and a U.S. Cyber Command training and exercise lead. Rebekah has helped develop threat intelligence and security awareness programs at the federal, state, and local level, as well as at a Fortune 500 company. Today, Rebekah leads the threat intelligence programs at Rapid7, where her responsibilities include program architecture, management, analysis, and operations. Rebekah lives in Portland, Oregon, where she grew up, with her three kids and spends her free time hiking and hacking and reading Harry Potter.

Customer reviews

4.7 out of 5
76 global ratings

Top reviews from the United States

R. Franklin
5.0 out of 5 stars, Verified Purchase
Definitely worth the read!
Reviewed in the United States on January 16, 2018
Scott and Rebekah did an excellent job covering everything you need to know to start an intelligence program or mature one that you already have. Overall, I really enjoyed reading this book. I thought they did a great job explaining how to apply F3EAD in a threat intelligence environment. Even though F3EAD was a large part of the book, the authors also provided some great information on how to best engage with C-suite executives and other stakeholders. I would definitely recommend picking up this book, even if you're already a threat intelligence expert.

Content aside, I think the editors (Courtney Allen and Virginia Wilson) really did Scott and Rebekah a disservice. Based on the content alone, I still think Intelligence-Driven Incident Response is worth the full 5 stars; however, throughout the book, there were numerous typos, such as 'adentdversary' on page 180, and other errors (verbiage/grammar). Since the book does have a rather high cover price and is relatively short (only ~240 pages, appendix excluded), I don't think it's unfair to ask for better editing from the O'Reilly staff.
5 people found this helpful
infosecnoob
5.0 out of 5 stars, Verified Purchase
A buy it now book.
Reviewed in the United States on November 14, 2017
For those who cannot get a full week off to take the SANS threat hunting course or maybe cannot afford it, this is your next best thing. The book walks you through the threat intelligence lifecycle with examples along the way to help you relate back to a known story. This book not only inspires you to learn more about how threats operate, it provides you with the tools to understand how you can utilise the data effectively.

I see this book as the red team field manual for threat intelligence, it will be something I refer to daily.

#buyitnow!
10 people found this helpful
Amazon Customer
5.0 out of 5 stars, Verified Purchase
Mandatory reading for anyone involved in IR, CTI, ...
Reviewed in the United States on December 7, 2017
Mandatory reading for anyone involved in IR, CTI, or SOC Land. I wish I had this book 10 years ago. Stop reading this review and click Add to Cart.
2 people found this helpful
D. Cruickshank
5.0 out of 5 stars, Verified Purchase
learn incident response
Reviewed in the United States on September 22, 2019
Straightforward, no-nonsense book on an important topic.
Casey B.
5.0 out of 5 stars, Verified Purchase
A must have for cyber threat intelligence professionals.
Reviewed in the United States on October 10, 2019
A must have for those delving into learning and applying cyber threat intelligence. This explains the full intelligence cycle oriented to the cyber domain.
Brian E. Genz
5.0 out of 5 stars, Verified Purchase
Exceeded (already high) expectations!
Reviewed in the United States on September 7, 2017
"Intelligence-Driven Incident Response" equips Incident Response professionals with the knowledge and context to integrate traditional Intelligence principles into their cyber defense strategies. My pre-ordered copy arrived today, and I am already impressed with the authors' experience and expertise spanning both of these complex domains.

As someone with a background in both information security and "traditional intelligence," I am excited and thankful to see Scott and Rebekah skillfully deconstruct the core components of Incident Response (IR) and intel. They introduce and explain the incident response process, the intelligence process, and cyber threat intelligence, enriched throughout with real-world case studies that tie the concepts together effectively.

The content organization is excellent: "Part I. The Fundamentals. Part II. Practical Application. Part III. The Way Forward."

There are too many "hit-the-nail-on-the-head" aspects of this book to highlight here, so I'll just mention a few concepts the authors cover that address current gaps in the collective understanding of many organizations.

1. The authors discuss the Intelligence cycle and outline ways in which Intelligence-driven incident response feeds the Intelligence cycle. This is a critical point of departure from the mindset of intelligence being just a series of "threat feeds" containing known-bad file hashes and IP addresses. They present a more coherent and reality-aligned way of thinking about this concept than the tool-focused paradigms our executives are exposed to through interactions with vendors.

2. "Mining Previous Incidents." This section on page 125 highlights something I've referred to as "internal intelligence" in discussions with industry colleagues. In my experience with tactical intelligence collection in kinetic environments, the concept of "knowing the terrain" is so ingrained in the mindset of Warfighters that it doesn't warrant much discussion. Within information security / cyber defense circles, though, this foundational concept doesn't seem to have the same traction. (Yet.)

3. "Intelligence Consumer Goals." The authors articulate the need to think about various consumers of intelligence products through the lens of each consumer's goals. For example, an Executive representing the business has a different scope and set of goals than the malware analyst working with the threat hunting team. The section in chapter 9: "Disseminate" that frames information sharing in the context of which types of stakeholders will consume the intelligence is a must-read for practitioners as well as leadership. In my experience working in both Intel and corporate environments, there tends to be a traditional view of "management reporting" in the corporate setting that can taint the intent of Intelligence Dissemination. Instead of considering the value of producing intelligence reports for "Internal Technical Consumers" as the authors discuss on page 167, the allocation of scarce resources to "reporting" falls into the traditional upward, leadership-focused information sharing. We urgently need the approach outlined in this book to gain traction in our industry. We need a "common operating picture" or a shared understanding of the current situation among the incident response team members, and that warrants allocating resources to disseminating intelligence products horizontally among technical consumers in addition to what has traditionally been viewed as management reporting.

4. "The RFI Process." From page 193: "A request for intelligence (RFI) is a specialized product meant to answer a specific question, often in response to a situational awareness need." Bottom line up front: Please read this, and then consider implementing it when you can. (But probably soon, because although it's not a new concept, it is a proven, useful one that we would do well to adopt in information security.)

5. "Building an Intelligence Program." This is the title of chapter eleven. By the time the reader has progressed through the previous chapters, she will have developed a solid understanding of the core principles and components of the disciplines of Incident Response and Intelligence, how they converge in the concept of Intelligence-Driven Incident Response, and why it is important to undergird our approach to cyber defense with these time-tested methodologies. The authors lay out a series of considerations, clearly cognizant and respectful of budgetary and resource constraints faced by every reader. The questions posed are realistic and informative.

6. Appendix A: "Intelligence Products." Developing an understanding of what this entails and how it can enable & transform cyber defense is, in my opinion, worth the price of the book on its own.

The foreword by Rob Lee, Founder of Harbinger Security and DFIR Lead at SANS Institute, is a fascinating glimpse into the historical context around cyber intrusions. This historical perspective is provided by a current industry leader who remains on the front lines of this fight while developing a new generation of Digital Forensics and Incident Response (DFIR) professionals, myself included. Rob's observation from the foreword says a lot: "I wish I had this book 20 years ago in my first intrusion cases while investigating Russian hackers during Moonlight Maze. Luckily, we have this book today, and I can now point to it as required reading for my students who want to move beyond tactical response and apply a framework and strategy to it all that works."

I’d recommend diving into a copy of this book as soon as you can. "Intelligence-Driven Incident Response" has the potential to transform security teams and organizations by educating, influencing, and guiding them. And, considering the current state of the cyber threat environment, it couldn’t have come at a better time.
6 people found this helpful
Heinbrian
5.0 out of 5 stars, Verified Purchase
Pwnie award Nominee 2018 for best computer security book
Reviewed in the United States on February 25, 2018
A must read for everyone in network security, threat intelligence and incident response, and a good candidate for the 2018 cybersecurity book of the year! The factual, no-nonsense, no-marketing-fluff approach to incident response and TI sets the ultimate standard.
One person found this helpful
Christopher Hays
5.0 out of 5 stars, Verified Purchase
Five Stars
Reviewed in the United States on April 16, 2018
Very helpful if you are new to incident response.
One person found this helpful

Top reviews from other countries

Amazon Customer
2.0 out of 5 stars, Verified Purchase
Too much padding
Reviewed in the United Kingdom on July 10, 2020
This book might be interesting for someone not in the field already, but as an experienced professional it's too entry level. In addition, the book has lots of padding around the information and covers stories of intelligence not related to cyber.
will
2.0 out of 5 stars, Verified Purchase
Not a new book
Reviewed in the United Kingdom on December 18, 2019
Sure it's a good book, but when I'm paying £30 for a new book I don't expect it to arrive like a Haynes manual left in a garage. Clearly a second-hand book, but it doesn't say that anywhere.
Anon
5.0 out of 5 stars, Verified Purchase
Five Stars
Reviewed in the United Kingdom on December 30, 2017
all good
Chillux
5.0 out of 5 stars, Verified Purchase
Operational bible in a new context
Reviewed in Mexico on May 3, 2018
I believe this is the definitive book for every pentester or information security analyst, in which our operational role, and how it is seen from the perspective of intelligence and incident response teams, can be clearly understood. Thanks to the author for the details and contrasts; simply making intelligence the main vector in the narrative presented makes all the difference.
Juan Carlos Vázquez
5.0 out of 5 stars, Verified Purchase
Amazing book!!!
Reviewed in Mexico on October 31, 2017
Great book!!! A must for all IR Teams that want to learn/improve their current capabilities with new concepts including the value of Deception/Intel in the Active Defense practice!
One person found this helpful
From the Preface

Welcome to the exciting world of intelligence-driven incident response! Intelligence—specifically, cyber threat intelligence—has a huge potential to help network defenders better understand and respond to attackers’ actions against their networks.

The purpose of this book is to demonstrate how intelligence fits into the incident-response process, helping responders understand their adversaries in order to reduce the time it takes to detect, respond to, and remediate intrusions. Cyber threat intelligence and incident response have long been closely related, and in fact are inextricably linked. Not only does threat intelligence support and augment incident response, but incident response generates threat intelligence that can be utilized by incident responders. The goal of this book is to help readers understand, implement, and benefit from this relationship.

Why We Wrote This Book

In recent years, we have seen a transition from approaching incident response as a standalone activity to viewing it as an integral part of an overall network security program. At the same time, cyber threat intelligence is rapidly becoming more and more popular, and more companies and incident responders are trying to understand how to best incorporate threat intelligence into their operations. The struggle is real—both of us have been through these growing pains as we learned how to apply traditional intelligence principles to incident-response practices, and vice versa—but we know that it is worth the effort. We wrote this book to pull together the two worlds, threat intelligence and incident response, to show how they are stronger and more effective together, and to shorten the time it takes practitioners to incorporate them into operations.

Who This Book Is For

This book is written for people involved in incident response, whether their role is an incident manager, malware analyst, reverse engineer, digital forensics specialist, or intelligence analyst. It is also for those interested in learning more about incident response. Many people who are drawn to cyber threat intelligence want to know about attackers—what motivates them and how they operate—and the best way to learn that is through incident response. But it is only when incident response is approached with an intelligence mindset that we start to truly understand the value of the information we have available to us. You don’t need to be an expert in incident response, or in intelligence, to get a lot out of this book. We step through the basics of both disciplines in order to show how they work together, and give practical advice and scenarios to illustrate the process.
